New submission from Michael Schlenker <m...@contact.de>:

The introduction of the ReadOnly flag in the ssl.enum_certificates() function 
implementation has introduced a regression.

The old version returned certificates for both the current user and the local 
system, the new function only enumerates system wide certificates and ignores 
the current user.

The old function before Patch from https://bugs.python.org/issue25939 used a 
different function to open the certificate store (CertOpenStore vs. 
CertOpenSystemStore). Probably some of the param flags are not identical, the 
new code explicitly lists only local system.

Testing:
1. Import a self signed CA only into the 'current user' trustworthy 
certificates.
2. Use IE to connect to a https:// website using that trust root. Works.
3. Try to open the website with old python and new python. 
Old one works, new one fails.

Or just enum certificates:

1. Import a self signed CA into the current_user trusted store.
2. Compare outputs of:
import ssl
len(ssl.enum_certificates('ROOT'))

----------
assignee: christian.heimes
components: SSL, Windows
messages: 335084
nosy: christian.heimes, paul.moore, schlenk, steve.dower, tim.golden, zach.ware
priority: normal
severity: normal
status: open
title: ssl.enum_certificates() regression
type: behavior
versions: Python 2.7, Python 3.4, Python 3.5, Python 3.6, Python 3.7, Python 3.8

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue35941>
_______________________________________
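
An added diagnostic, not part of the original report and not CPython's own code: it reads the current user's ROOT store directly through CertOpenStore via ctypes and lists the SHA-256 fingerprints of certificates that ssl.enum_certificates('ROOT') did not return. The helper names read_current_user_store and hidden_from_python are hypothetical, and the non-Windows branch uses constructed placeholder bytes.

```python
import ctypes
import hashlib
import sys

CERT_STORE_PROV_SYSTEM_W = 10                 # values from wincrypt.h
CERT_STORE_READONLY_FLAG = 0x00008000
CERT_SYSTEM_STORE_CURRENT_USER = 0x00010000

class CERT_CONTEXT(ctypes.Structure):
    _fields_ = [("dwCertEncodingType", ctypes.c_uint32),
                ("pbCertEncoded", ctypes.c_void_p),
                ("cbCertEncoded", ctypes.c_uint32),
                ("pCertInfo", ctypes.c_void_p),
                ("hCertStore", ctypes.c_void_p)]

def read_current_user_store(name):
    """DER certificates visible through the current user's system store (Windows only)."""
    c32 = ctypes.WinDLL("crypt32", use_last_error=True)
    c32.CertOpenStore.restype = ctypes.c_void_p
    c32.CertOpenStore.argtypes = [ctypes.c_void_p, ctypes.c_uint32, ctypes.c_void_p,
                                  ctypes.c_uint32, ctypes.c_wchar_p]
    c32.CertEnumCertificatesInStore.restype = ctypes.POINTER(CERT_CONTEXT)
    c32.CertEnumCertificatesInStore.argtypes = [ctypes.c_void_p, ctypes.POINTER(CERT_CONTEXT)]
    c32.CertCloseStore.argtypes = [ctypes.c_void_p, ctypes.c_uint32]
    flags = CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_READONLY_FLAG
    store = c32.CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, None, flags, name)
    if not store:
        raise ctypes.WinError(ctypes.get_last_error())
    certs, ctx = set(), None
    try:
        while True:  # each call releases the previous context; NULL ends the walk
            ctx = c32.CertEnumCertificatesInStore(store, ctx)
            if not ctx:
                break
            certs.add(ctypes.string_at(ctx.contents.pbCertEncoded, ctx.contents.cbCertEncoded))
    finally:
        c32.CertCloseStore(store, 0)
    return certs

def hidden_from_python(python_entries, store_ders):
    """SHA-256 fingerprints of store certificates that ssl.enum_certificates() omitted."""
    seen = {der for der, encoding, _trust in python_entries if encoding == "x509_asn"}
    return sorted(hashlib.sha256(der).hexdigest() for der in store_ders - seen)

if __name__ == "__main__":
    if sys.platform == "win32":
        import ssl
        entries, store = ssl.enum_certificates("ROOT"), read_current_user_store("ROOT")
    else:  # constructed placeholder bytes, not real certificates
        entries, store = [(b"machine-ca", "x509_asn", True)], {b"machine-ca", b"user-ca"}
    print("\n".join(hidden_from_python(entries, store)) or "nothing hidden")
```

On an affected interpreter, a CA imported only into the current user's trusted roots shows up in this output; on an unaffected one the output is "nothing hidden".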